A Complete Guide to checkpoint 156 215.77
Exambible ccsa 156 215.77 Questions are updated and all ccsa 156 215.77 answers are verified by experts. Once you have completely prepared with our 156 215.77 pdf exam prep kits you will be ready for the real 156 215.77 pdf exam without a problem. We have Improve Check Point 156 215.77 pdf dumps study guide. PASSED exam 156 215.77 First attempt! Here What I Did.
Q31. - (Topic 1)
You need to back up the routing, interface, and DNS configuration information from your R77 GAiA Security Gateway. Which backup-and-restore solution do you use?
A. GAiA back up utilities
B. upgrade_export and upgrade_import commands
C. Database Revision Control
D. Manual copies of the directory $FWDIR/conf
Q32. - (Topic 1)
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. Export setup
B. Time & Date
C. DHCP Server configuration
D. GUI Clients
Q33. - (Topic 3)
Which of the following items should be configured for the Security Management Server to authenticate using LDAP?
A. Login Distinguished Name and password
B. Windows logon password
C. Check Point Password
D. WMI object
Q34. - (Topic 1)
The Tokyo Security Management Server Administrator cannot connect from his workstation in Osaka.
Which of the following lists the BEST sequence of steps to troubleshoot this issue?
A. Call Tokyo to check if they can ping the Security Management Server locally. If so, login to sgtokyo, verify management connectivity and Rule Base. If this looks okay, ask your provider if they have some firewall rules that filters out your management traffic.
B. Verify basic network connectivity to the local Gateway, service provider, remote Gateway, remote network and target machine. Then, test for firewall rules that deny management access to the target. If successful, verify that pcosaka is a valid client IP address.
C. Check for matching OS and product versions of the Security Management Server and the client. Then, ping the Gateways to verify connectivity. If successful, scan the log files for any denied management packets.
D. Check the allowed clients and users on the Security Management Server. If pcosaka and your user account are valid, check for network problems. If there are no network related issues, this is likely to be a problem with the server itself. Check for any patches and upgrades. If still unsuccessful, open a case with Technical Support.
Q35. - (Topic 2)
You are responsible for the configuration of MegaCorp's Check Point Firewall. You need to allow two NAT rules to match a connection. Is it possible? Give the BEST answer.
A. Yes, it is possible to have two NAT rules which match a connection, but only when using Automatic NAT (bidirectional NAT).
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual NAT (bidirectional NAT).
C. Yes, there are always as many active NAT rules as there are connections.
D. No, it is not possible to have more than one NAT rule matching a connection. When the firewall receives a packet belonging to a connection, it compares it against the first rule in the Rule Base, then the second rule, and so on. When it finds a rule that matches, it stops checking and applies that rule.
Q36. - (Topic 3)
Which of the following methods is NOT used by Identity Awareness to catalog identities?
A. AD Query
C. Captive Portal
D. Identity Agent
Q37. - (Topic 3)
Which of the following is NOT true for Clientless VPN?
A. User Authentication is supported.
B. Secure communication is provided between clients and servers that support HTTP.
C. The Gateway accepts any encryption method that is proposed by the client and supported in the VPN.
D. The Gateway can enforce the use of strong encryption.
Q38. - (Topic 2)
Which of the following is a viable consideration when determining Rule Base order?
A. Adding SAM rules at the top of the Rule Base
B. Placing frequently accessed rules before less frequently accessed rules
C. Grouping rules by date of creation
D. Grouping IPS rules with dynamic drop rules
Q39. - (Topic 3)
Select the TRUE statements about the Rule Base shown?
1) HTTP traffic from webrome to websingapore will be encrypted. 2) HTTP traffic from websingapore to webrome will be encrypted. 3) HTTP traffic from webrome to websingapore will be authenticated. 4) HTTP traffic from websingapore to webrome will be blocked.
A. 1, 2, and 3
B. 2 and 3
C. 3 and 4
D. 3 only
Q40. - (Topic 1)
An Administrator without access to SmartDashboard installed a new IPSO-based R77 Security Gateway over the weekend. He e-mailed you the SIC activation key. You want to confirm communication between the Security Gateway and the Management Server by installing the Policy. What might prevent you from installing the Policy?
A. You have not established Secure Internal Communications (SIC) between the Security Gateway and Management Server. You must initialize SIC on the Security Management Server.
B. You first need to create a new Gateway object in SmartDashboard, establish SIC via the Communication button, and define the Gateway's topology.
C. An intermediate local Security Gateway does not allow a policy install through it to the remote new Security Gateway appliance. Resolve by running the command fw unloadlocal on the local Security Gateway.
D. You first need to run the command fw unloadlocal on the R75 Security Gateway appliance in order to remove the restrictive default policy.